hxxp://www[.]google[.]com/url?sa=t&source=web&rct=j&opi=89978449&url=hxxp://vardadiena[.]com/kalendars/&ved=2ahUKEwj76ZbTk8GCAxV8gP0HHaPgB38QFnoECA4QAQ

Analysis

max time kernel
299s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://vardadiena.com/kalendars/&ved=2ahUKEwj76ZbTk8GCAxV8gP0HHaPgB38QFnoECA4QAQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133443769300397346"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350690463-3549324357-1323838019-1000\{A6FCECFD-6D54-4FD3-A634-CA63279D72FB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 2508	4420	chrome.exe	86
PID 4420 wrote to memory of 2508	4420	chrome.exe	86
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 2056	4420	chrome.exe	88
PID 4420 wrote to memory of 4816	4420	chrome.exe	89
PID 4420 wrote to memory of 4816	4420	chrome.exe	89
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90
PID 4420 wrote to memory of 2296	4420	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=http://vardadiena.com/kalendars/&ved=2ahUKEwj76ZbTk8GCAxV8gP0HHaPgB38QFnoECA4QAQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffab369758,0x7fffab369768,0x7fffab369778
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5348 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5212 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5608 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5392 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6204 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6400 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3456 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5816 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6088 --field-trial-handle=1868,i,16024734321319517456,14874415911214596574,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c 0x308
1⤵
PID:5496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c182cf90d45668718ac0b2024b34ad67

SHA1
526e545144602e54618ae91a991031097fce5b83

SHA256
b63d9a9dc84837f93b852da9fbc7eaa3a835bee9a509165e1b5c40492acfd7c5

SHA512
45cb70e81f54a34e9a37f58c3dca3eb90f57fc2f0ce008e610a7c08550b1648726fb2fe610ecf397aa5de66725213d14eb6b26e3992d51a469021cd1f9fea17a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
8f6c0db957309f52593315a6756acba4

SHA1
dfc50f278a7e90d1b95e8f9298d322c11cdb5f24

SHA256
cc08f7e7dc859fb2073374c14b7cc84b69f80a89d5fb9c97ed28afe8060fdcdf

SHA512
fa9cce0eb626cfb8a5b6306f0756d883fe1470483648aeb6e11de6e402a53d9eba22f14315c90cbd8fca7be92455144a0b21ce90e03a1364764ddca47e4cc888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8e1ad3a773f1c094c2a413c8c4b33ff1

SHA1
e818cb1f93410ed8286bc3a0cac66bfaaa36f81c

SHA256
f5c1962f20117b1d9ba669801ce5f13c2967e4168d8daf6b0a2ddb31e69c532e

SHA512
d694a0f48fad1bcfea5d6e816c0cb93f271ec03514c073bc693b740eb863d09ada2621681b77f46b2b3e0ef144c3b2b02883e89297ac03d4e64b082068af333a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
afd87808ded18427ed03e6ab039781e9

SHA1
1d2fd46cd6458abe05c845322c7758596db54fa7

SHA256
fe018fa5e0f74f9db442b2bcfd0c5df3afdf4017acf64514e4ed817f9384cfa7

SHA512
a79ba14286f392405308e9656f4e862aa9e33deb93972d584c803941a74bc6e2751c0aded37bf1b1a4f28e6c70b4c8904b20c697fef6aabcad4a1ebd33c019a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e52bb9a4fc01b1c637f6e2cbfd41f755

SHA1
5865ec4ff690eba159319570b02f3381c7d7dceb

SHA256
4a3a2d116c136538bf273f78d578c39107b8411943c0788f95094d5395159c4c

SHA512
477ebc0fecd5989f7f718a6710dff95f3d1e4190dc5e08a420160d33499fa90abfd15cc70cafbae140a1c577b2117a9e11395fdf1f6d5f7e2436fb37611449fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b33a1af7e2cbe0ba025995373f8c1692

SHA1
a82728906dce28a13c1b4ac159296e87eb53b51f

SHA256
0c338673ecd39f6fb2fd053bc1a1bbd7024119b4fd2b6a98719199d10194df43

SHA512
deef3417f6485a8d416e2ee08a232bddfda9717ecc6f288700ff4db613ff5582363a10092519524edcc7626771f212429d9c78a35db8e9c7e0e1d6ed9e33ef8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
867785adec8dadd19bf7f281de94ff85

SHA1
20260b801f4c0f81ed2bb5d605150d43352080fe

SHA256
d1fa3b91c3ea87b900f11b0be85957cf55e3d5983f6733c142a06b8bc3eec770

SHA512
aa26767f461f639dd1ec0652b7bcdd1ae83e12165392cbccaa1739f826095af990b033fa4ea6e9d47f6e37c8ed1c3ca69af23306cb6e3470be4d6c9be2daa8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f7aa40e0b9d13981929df266f4bf6067

SHA1
461e80cbe22af1a67eec20dace0cb25a04ccf37a

SHA256
c93ff5dfe4e6b0d91d7a57c4a450f84140efe9062914d57eca3a2826d0e1c418

SHA512
beb359e417e6fb52607e0ec272862b644401c17b2d90aab45309586d85fe1a8046bb1b19fadfb0d9560d3a9d947e1b617f06c1efff2172dd2d7ef9375ee01cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ea41019ccff071951344f4550326efc

SHA1
20d72515efc2699be45b9e56b5b9d5998e4e2841

SHA256
4ac80451adb6021e7ee9d5ff9e7f41d375b0cc0ade351cec76bd692f5908d28f

SHA512
6aba82383432539556c82ac37f57d79b3479b309a92cbf288f1cc14b3988932b5437b53e0096693ba6c70faa0a291279785296575286e7795cb2f0cc7dac9141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21e2b568bdb8635ddd8e548bed40eda4

SHA1
cc4b8ae90fd18761b97258eee1378dcb994a9092

SHA256
9a322eab15ee92dceff4d16254ea148d7f8122adaf7c7afd8ffad04b154896d0

SHA512
dd498562bf4091b9711d5b11cee9d4dc22a2c16de745378878d460c62a89a5e0f8c1c28c33ce8f71b95010dd0629a70018bf7c193376c6f7348a31011c842e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8f8665c42148c0b38b8c3983ba313cfe

SHA1
2ef404f4681edd3254b00226c01c3c5d6714062c

SHA256
836298bcb408de51e6375c09c47c64a8ad04e88f7877dcce2dca9c992acaca53

SHA512
83f3a7af4f8e24a2504847b3c224d1a89003ed0766d5f93599f17be325444acbae29601381d36fff7a083ecfa5532c4a318dd3137abe2bc98b3f245f15445f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58145e.TMP

Filesize
120B

MD5
beac93a0f115343318e1c3bbb572b8df

SHA1
df13bd19ab9b7d59c57bb8f5cafabae9a80bad47

SHA256
c359b3ef48482b4bb2082be74ba117e0032661b9491f5410a4880925339257c7

SHA512
614a30142de3b6eee22a2b1288f07109e0916b94543c5bfaa9e22fb4ab777943ffb394669432b628ec49eaeb87b48c632eaaa1a1276a5b51cb66857fadb92693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
b1404930a01b999b2e9c60b8be225e4d

SHA1
4b0c6b24d8ba5550a54c857aae4c703438bc5dec

SHA256
3c338c23cbb0d074b311ee6735c17dbdb23aa189d66b53c75262e429b416c435

SHA512
fad156ce2da92d197c0d49873452ec828a28c63cfeafad8395c7be69d2e05642e1e6c39206e2eb537759d670d25ccb70e7879350efe56898d8790aca4654f093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
98f45ea975c2e59838209893b3835850

SHA1
89fa764116a44ac9b5b9f0ad2b6b5e143a0b82f2

SHA256
b7c9461c797d8c013d2262ba168aeffe93f791ce59af272ef3a8f3c5da6fe22b

SHA512
91c3f43154b91942837560c23eb4de539de69ecd41af778397a707de3d28077de0b2993818b2ab50c46e7682bfd172568c91f860dfd0daeeb4a90e70e282fbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
4da5bab0c5d4b7ac2a3ff34470a77d31

SHA1
70a02cefc23dbfa5fda0d52aad2b5f1dc15e9a27

SHA256
9884658b4a90d6b8867ae4286b88938e33e6babe0160ef88a70de25908aa5aed

SHA512
336cbc08e2d6a5b6b018cdafc703d9b33c2d6c38487a2886bd945b8ac6491bca7117a6fcc1ffe39639bf343a2151bda5e1fda6c2801ed1499b7a325099c38fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fc13.TMP

Filesize
97KB

MD5
1369ad5d6c4c9ad486c87f5b2474b489

SHA1
c394fa2c399145398cd86e94d4cfcdac560ef85a

SHA256
f230b23829dd9a0aab548e6fab29b4149c1ef4459afdda2cd339989337971f46

SHA512
5969bc6c9c1bfb28dfcc2221b5f485675fa61f6cf499b17b598e4fa54ea369427e2e454f1fefd1dbb95e0d2768ff963952d6bf84c8557cee1ebe749cd09dc28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit